CPRA Calculator: Does Your Business Need to Comply?
Determine if your business meets the thresholds set by the California Privacy Rights Act (CPRA) with our easy-to-use CPRA Calculator. Find out if you need to comply with California’s data privacy regulations.
CPRA Applicability Calculator
Your Inputs vs. CPRA Thresholds
CPRA Thresholds
CPRA Criteria Summary
| Criterion | CPRA Threshold | Your Business Value | Threshold Met? |
|---|---|---|---|
| Annual Gross Revenue | > $25,000,000 | – | – |
| CA Consumers/Households Data Processed | ≥ 100,000 | – | – |
| % Revenue from Selling/Sharing CA Data | ≥ 50% | – | – |
What is the CPRA Calculator?
The CPRA Calculator is a tool designed to help businesses quickly assess whether they likely fall under the jurisdiction of the California Privacy Rights Act (CPRA), which amends and expands upon the California Consumer Privacy Act (CCPA). It uses the key quantitative thresholds defined in the CPRA to provide an initial indication of applicability.
Businesses that collect, process, buy, sell, or share the personal information of California residents should use this CPRA Calculator to understand their potential obligations under the law. It’s particularly useful for small to medium-sized businesses that might be unsure if they meet the thresholds.
Common misconceptions include believing that only very large corporations are affected or that the CPRA only applies to businesses physically located in California. In reality, the CPRA can apply to businesses worldwide if they meet the criteria and deal with California residents’ data. This CPRA Calculator helps clarify these points based on the defined thresholds.
CPRA Calculator Formula and Mathematical Explanation
The CPRA defines specific thresholds for businesses to fall under its scope. A business is subject to the CPRA if it is a for-profit entity doing business in California that collects consumers’ personal information (or on behalf of which such information is collected) and meets at least one of the following criteria as of January 1 of the calendar year:
- Had annual gross revenues in excess of twenty-five million dollars ($25,000,000) in the preceding calendar year.
- Alone or in combination, annually buys, sells, or shares the personal information of 100,000 or more California consumers or households.
- Derives 50 percent or more of its annual revenues from selling or sharing California consumers’ personal information.
So, the logical formula used by the CPRA Calculator is:
Is_Covered = (AnnualRevenue > 25000000) OR (ConsumersProcessed >= 100000) OR (RevenueFromSelling >= 50)
| Variable | Meaning | Unit | Typical Range |
|---|---|---|---|
| AnnualRevenue | Annual gross revenue in the preceding calendar year | USD | 0 – Billions |
| ConsumersProcessed | Number of CA consumers/households whose data is bought, sold, or shared | Count | 0 – Millions |
| RevenueFromSelling | Percentage of revenue from selling/sharing CA data | % | 0 – 100 |
Practical Examples (Real-World Use Cases)
Example 1: Small E-commerce Business
A small online retailer has annual gross revenue of $15 million. They process data from 80,000 California customers but don’t actively sell data, deriving 0% of revenue from selling or sharing data.
- Annual Revenue: $15,000,000
- Consumers Processed: 80,000
- % Revenue from Selling/Sharing: 0%
Using the CPRA Calculator, none of the thresholds are met ($15M < $25M, 80k < 100k, 0% < 50%). Result: Likely Not Covered by CPRA (based on these thresholds alone, other factors might apply).
Example 2: Data Broker
A data broker has annual gross revenue of $5 million. They buy and sell personal information of 200,000 California consumers, and 70% of their revenue comes from these activities.
- Annual Revenue: $5,000,000
- Consumers Processed: 200,000
- % Revenue from Selling/Sharing: 70%
The CPRA Calculator shows that while revenue is low, the number of consumers (200,000 >= 100,000) and the revenue percentage (70% >= 50%) both exceed the thresholds. Result: Likely Covered by CPRA.
How to Use This CPRA Calculator
- Enter Annual Gross Revenue: Input your business’s total gross revenue from the previous calendar year in the first field. Do not include commas or dollar signs.
- Enter Consumers/Households Data Processed: Input the number of California consumers or households whose personal information your business buys, sells, or shares annually.
- Enter Revenue Percentage: Input the percentage of your annual revenue derived from selling or sharing California consumers’ personal information.
- Click Calculate: Press the “Calculate” button (or the results will update automatically if you changed values).
- Review Results: The calculator will display whether your business is “Likely Covered by CPRA” or “Likely Not Covered by CPRA” based on the thresholds, along with which specific thresholds were met. The chart and table also visualize this.
The results provide a preliminary assessment. If the CPRA Calculator indicates you are likely covered, it is crucial to consult with legal counsel specializing in data privacy to confirm your obligations and ensure full compliance.
Key Factors That Affect CPRA Applicability
Several factors determine whether the CPRA applies to your business, as reflected in our CPRA Calculator:
- Annual Gross Revenue: The $25 million threshold is a clear line. Businesses exceeding this, regardless of other factors, are likely covered.
- Volume of Data Processing: Handling the personal information of 100,000 or more California consumers or households is another trigger, even for businesses with lower revenue. This is crucial for businesses with large user bases but lower individual revenue.
- Business Model (Selling/Sharing Data): If a significant portion (50% or more) of your revenue comes from selling or sharing California consumer data, the CPRA likely applies, even if total revenue and consumer numbers are below the other thresholds. This targets data brokers and similar businesses.
- For-Profit Status: The CPRA primarily applies to for-profit entities. Non-profits may have different obligations or exemptions, though they should still be mindful of data privacy best practices.
- Doing Business in California: This is broadly interpreted and doesn’t require a physical presence. If you target California residents or have significant business activities related to California, it can apply.
- Type of Information Processed: While the thresholds are quantitative, the *type* of data (e.g., sensitive personal information) can impact the *level* of compliance required once covered.
Understanding these factors is vital when using the CPRA Calculator and assessing your compliance needs.
Frequently Asked Questions (FAQ)
- What if my revenue is just under $25 million?
- If your revenue in the preceding calendar year was $25 million or less, you don’t meet the revenue threshold. However, check if you meet the other two thresholds using the CPRA Calculator.
- Does the CPRA apply to businesses outside of California?
- Yes, if they meet any of the thresholds and deal with the personal information of California residents, the CPRA can apply regardless of the business’s physical location.
- What’s the difference between “selling” and “sharing” data under CPRA?
- “Selling” is disclosing personal information for monetary or other valuable consideration. “Sharing” is broader and includes disclosing for cross-context behavioral advertising, even without direct payment.
- Does the 100,000 consumer threshold apply to website visitors?
- It applies to consumers or households whose personal information is bought, sold, or shared. If you are collecting and then selling or sharing information from 100,000 unique California visitors, it could apply. Mere visitation without such processing might not, but consult legal advice.
- Is the CPRA Calculator a substitute for legal advice?
- No. This calculator provides an initial assessment based on the main quantitative thresholds. It is not legal advice, and you should consult a qualified attorney for CPRA compliance guidance.
- What if my business meets the criteria mid-year?
- The thresholds are generally assessed based on the preceding calendar year (as of January 1st). However, rapid growth might warrant proactive compliance measures.
- Are non-profits subject to CPRA?
- The CPRA primarily targets for-profit entities. However, non-profits controlled by or sharing branding with for-profit entities might fall under its scope in some circumstances. Specific exemptions may apply.
- What happens if I ignore the CPRA?
- Non-compliance can lead to significant fines and penalties imposed by the California Privacy Protection Agency (CPPA), as well as potential private rights of action in certain cases like data breaches.
Related Tools and Internal Resources
- CCPA vs. CPRA: What’s New? – Understand the key differences between the CCPA and the expanded CPRA.
- Global Data Privacy Regulations Overview – Learn about other data privacy laws like GDPR that might affect your business.
- How to Comply with CPRA – A guide on the steps businesses need to take to achieve CPRA compliance.
- California Consumer Rights Under CPRA – Details on the rights granted to California consumers.
- Data Security Best Practices for Businesses – Information on securing the data you collect.
- Data Breach Notification Laws – Understand your obligations in case of a data breach.
These resources provide further information on data privacy and compliance, helping you navigate the complexities of laws like the CPRA. Using the CPRA Calculator is a first step in this process.